Fran: You may need to 1) add a few lines of code in AuthCookie to make your error code aware to other methods, and 2) have a dynamic login page that can interpret the code. Alternatively, you may try AccessCookie I posted. :-) In AccessCookie, you simply "return $error" from authenticate(), let login page() catch the code and display corresponding instruction. I haven't tested it in a frame set, but it should appear a login page with custom instructions in the last window the user visited before the expiration time. The user re-types login/password, then is redirected to the page he tried before.
Peter Bi ----- Original Message ----- From: "Fran Fabrizio" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, April 17, 2002 3:01 PM Subject: framesets/AuthCookie question > > I'm using AuthCookie and as some of you know, if it determines your > session to be invalid it redirects to a login page instead by way of a > FORBIDDEN response coupled with a custom error page. > > My app has a frameset (navigation on the left, and two data frames on > the right). I know the evils of framesets, but in our case, it's the > best way to present our particular data. > > What ends up happening is that if the session expires, AuthCookie > displays the login page inside whatever frameset you were clicking in, > while the other two remain on whatever they were on previously. > > I made a quick solution...I told AuthCookie that my login page was > login.html. login.html had javascript which called /real/login (a > mod_perl handler) and targeted it to the top frame. All is well and now > the entire browser window gets cleared and replaced with the login page. > > However...I then thought it'd be neat to include on the /real/login page > a message to tell them how they got there ("Your session has expired", > "Your account has logged on from another location", "Invalid > username/password combination", whatever...). > > At first I thought I could accomplish this by simply doing > $r->notes('LOGINFAILMSG' => 'Your session has expired') if AuthCookie > detected it to be thus, and then in my handler I could retrieve it and > display it. > > However, it's failing of course because I added the extra redirection of > the login.html w/ the javascript, which makes a round trip to the client > and back, so it looks like a brand new request to mod_perl, thus, no > notes() any more. Is there a solution to breaking out of the frameset > AND propagating the reason for the logout to the /real/login page? > > I'd appreciate and and all ideas. Thanks! > > -Fran > > >